Working smarter: balancing privacy with the right to know
Building trust with good governance
Personal information for an estimated 200,000 people at the Australian National University was compromised in a major cyberattack in June 2019. The exposed information included names, addresses, dates of birth, phone numbers, personal email addresses, emergency contact details, tax file numbers, payroll information, bank account details, passport details and student academic records.
When such information falls into the “wrong hands” – whether as a result of a malicious attack or human error – it raises questions about how organisations manage information and protect people’s privacy.
This blog is part of a series featuring presentations by thought leaders, exploring the interplay of digital government, open government and information governance.
Equally important is transparency and the right for individuals to legally access certain information. In the Information Access Study carried out by Woolcott Research on behalf of the Queensland Information Commissioner, 87% of respondents said that access to information was “very important” or “quite important.” Respondents wanted online access to a variety of information, especially policies, procedures and records of decision-making processes that affect them or their community.
Balancing privacy and the right to know
When both privacy and the right to know are important to people, how do agencies walk the tightrope between the two? Speaking at Objective Collaborate in Brisbane, Queensland Privacy Commissioner Phil Green talked about the dual role of the Office of the Information Commissioner (OIC) in supporting both the right to privacy and the public interest in the release of government information.
The Human Rights Act 2019 recognises 23 fundamental rights including freedom of expression and the right to privacy. This Act is supported by the Right to Information Act 2009 (RTI Act) which aims to make more government information available and provide equal access to information.
At the other end of the spectrum, the Information Privacy Act 2009 (IP Act) recognises the importance of protecting personal information. It governs how Queensland Government agencies collect, store, use and disclose personal information.
Both the RTI and IP Acts have celebrated their 10th anniversary and are under review to ensure they continue to support this balance in the digital age.
Building trust through good governance
“Strong governance and oversight are critical in our role of providing advice and helping agencies balance the rights and interests that apply to the information they hold,” says Green. “At a minimum, agencies need to limit collection to what is strictly necessary. They also need to ensure secure storage and access controls. Where appropriate, they need to apply de-identification mechanisms and implement policies to guide responsible use or disclosure and maintain audit trails.”
The focus of the OIC is on accountability and strengthening protections for personal information. Green believes this gives people confidence that their digital information is being “respected and protected” and helps build trusted relationships on which businesses and governments rely.
“Sound human judgement is essential,” agrees Cameron Thornton, Industry Solutions Director at Objective Corporation. “Making a decision to release information requires consideration. It takes time. Objective’s information management solutions offer robust governance. They also help practitioners respond efficiently and make good decisions with greater transparency around that decision-making process,” says Thornton.
To understand more about balancing transparency with privacy, Objective Corporation is conducting research that examines the way organisations manage and respond to requests for information access. The Open By Design research project also gives organisations the opportunity to benchmark themselves against peers and measure progress over time. It may highlight areas for improvement, savings or benefits realisation.
For more information on Objective’s Open By Design research download our Insight Paper. To find out how you can participate in the research contact us.
What smarter working means for information management, privacy and data security. Presentation by Philip Green, Queensland Privacy Commissioner at Collaborate hosted by Objective Corporation, 2019 (Brisbane)